(U//FOUO) DoD Strategy for Defense Critical Infrastructure

The Defense Critical Infrastructure Program (DCIP) Strategy for Defense Critical Infrastructure articulates the approach required for ensuring the availability of assets deemed essential to the successful completion of DOD missions in an all-threat and all-hazard environment. This strategy recognizes that although safeguarding the reliability of the nation’s critical infrastructure will require a national effort, executing the strategy will provide defense stakeholders with a better understanding of what DOD must do to confirm the availability and resiliency of Defense Critical Infrastructure (DCI).

The United States currently faces a dynamic, flexible, and very pragmatic adversary. Due to the unconventional nature of the terrorist threat and the asymmetrical tactics demonstrated both at home and abroad by our enemies, we can no longer expect the protection formerly provided by the oceans bordering our coasts to serve as an effective deterrent to attack. The attacks of September 11, 2001, and other events demonstrated that an act of terrorism can cause worldwide infrastructure asset disruption. In the past decade, hurricanes or other violent storms have also revealed that our infrastructure assets are at risk from destruction, degradation, or disruption by natural events. Given scarce resources, this Strategy’s objectives must be balanced against other priorities outlined in the National Defense Strategy.

DOD will implement this Strategy for Defense Critical infrastructure to ensure we are prepared for threats and hazards that may affect our infrastructure assets. Actions to reduce or mitigate the risks to infrastructure could include, but are not limited to, changing tactics, techniques, or procedures; adding redundancy; selecting alternate ways to perform functions; isolating or hardening; and guarding.

Critical Infrastructure Protection in a Global Environment

The ability of DOD to accomplish its assigned missions depends on a global array of critical infrastructure. This global infrastructure is owned, leased, and/or operated by DOD, other government organizations, the private sector, foreign governments, and foreign industry. Furthermore, these global infrastructure assets have vulnerabilities that, if exploited, may affect the ability of DOD to perform its missions.

Organizing and Integrating Critical Infrastructure Activities

Defense Critical Infrastructure is a complex, interdependent, and decentralized network of public and private-sector systems, services, people, and processes. DCI provides the operational and technical capabilities that are essential to project, support, and sustain military forces and operations worldwide in times of peace and war in support of the National Military Strategy. Additionally, DOD must collaborate with the Critical Infrastructure Protection (CIP) efforts of the Department of Homeland Security and the Department of State to ensure all national and international CIP-related policy issues that are important to supporting the missions of DOD are properly addressed.

Mission, Vision, and Goals

The mission of the Defense Critical

Infrastructure Program (DCIP) is to enhance the risk management decision making capability at all levels to ensure that Defense Critical Infrastructure is available when required, and the DCIP vision to accomplish that mission is to ensure the availability of Defense Critical Infrastructure in an all-threat and all-hazard environment. Effective risk management in support of the DCIP requires participation at all levels of DOD. Although this Strategy focuses on those assets deemed critical at the department-level, the goals, objectives, and processes described within can be adapted by lower echelons of command/organization to support their own critical infrastructure assurance activities. Accordingly, effective risk management decision-making rests on accomplishing the following five goals:

There are insufficient resources to remediate all risks to all infrastructuresfrom all threats and hazards at all times. Accordingly, DOD will apply a risk management approach to protecting DCI. DOD must know what infrastructure assets are critical to DOD missions, what vulnerabilities the assets have, and what threats and hazards to the assets exist. Armed with this risk assessment information, decision makers can make informed risk management decisions and apply appropriate risk management response measures.

…

Defense Critical Infrastructure in a Global Environment

DOD relies on infrastructure consisting of physical, human, and information assets. Such infrastructure includes DOD assets, other Government (non-DOD) assets, and privately owned assets, both domestic and foreign . These assets provide the operational and technical capabilities required to project, support, and sustain military forces and operations worldwide. The DCIP focuses on domestic and foreign assets that are critical to DOD missions. Some of these assets reside on military installations and/or are owned, leased, or operated by DOD. DCIP can take direct steps to manage risks to these assets.

Other assets that are not owned by DOD, but support its missions, include other Government-owned assets, commercial assets, foreign assets, and DIB assets. Although DOD may be limited in the direct application of resources for their protection, identifying non-DOD owned assets is crucial to the risk management framework. DOD must therefore work collaboratively with these asset owners to encourage and facilitate the management of risks to these assets.